Should I Care? #2 – Windows 2003 Server End of Life – July 14, 2015

In the RoundTable Technology “Should I Care?” series, we pick topics that seems to be on the minds of nonprofits and we try to answer whether or not you should care and, if so, what to do about it.

We envision these “Should I Care?” posts not as definitive answers to the question, of course, but we hope our collective RoundTable take on the matters will spark discussion and hopefully lend more insight to the chosen topic.

For our second post in the “Should I Care?” series, we’re taking on Microsoft Windows 2003 Server End of Life – coming to you on July 14th, 2015.

Subject

Microsoft will end support for Windows Server 2003 on July 14, 2015.  This means that Microsoft will no longer provide software updates or patches to this server operating system. Also, if you should have a problem with your Microsoft Windows 2003 Server operating system and you were to call Microsoft for help, they would refuse you on the grounds that it is no longer a supported system.

Why is this important?

  • Throughout the years, hackers and security companies alike have discovered vulnerabilities in server operating systems that exploit vulnerabilities and, in worst-case scenarios, take complete control of those machines.
  • Normally, Microsoft deploys patches to software via Windows Updates in order to keep them secure and to prevent hackers from doing damage.
  • As of July 14th, 2015, Microsoft will stop providing patches that keep Windows 2003 systems secure, meaning that as time passes beyond that deadline, the list of vulnerabilities will continue to grow (with nary fix or patch on the way) and Windows 2003 servers will be at increasing risk to hackers and malware exploits.
  • If you have business critical applications or information hosted on a server running Microsoft Windows 2003, you may no longer be able to get any support for that system.
  • If you have a regulatory compliance review such as HIPAA or PCI, or undergo any kind of financial audit,  Windows 2003 servers  may result in a violation which could have significant negative consequences for your organization.

So, “Should I Care?

This is one is pretty easy, on the surface: Do you have any servers running the Microsoft Windows 2003 Server operating system?

If your answer is a definitive “No”, then you are pretty safe in NOT caring about this. You can probably skip the rest unless you’re curious. We’d still love for you to complete our “Should I Care” series survey, however.

If you DO have one or more servers running Microsoft Windows 2003 Server, read on.

I have Windows 2003 servers! What do I do about them?

This is where we have some potentially bad news for you. There’s really no simple answer here, and no way to avoid doing some work, potentially a lot of work depending on your situation. We’ll give you a brief outline of a recommended process here and some resources for exploring more on your own. But if you do have business-critical services being hosted by Windows 2003 servers, we strongly recommend that you act now.

The process recommended by Microsoft is a sound one. We’ve outlined it below:

Discover → Assess → Target → Migrate

Discover

How many Windows 2003 systems do you have? Where are they?

Assess

What are these Windows 2003 Servers doing for you organization? They are most likely performing one or more of the services below:

  • Active Directory: AD provides centralized management for devices and people. Active Directory also provides easier management of network resources, such as printers and copiers or shared network drives. For networks of Windows computers with more than 10 or so people, Active Directory is still generally required for management purposes.
  • File Sharing: Perhaps your Windows 2003 server is acting as a file server for sharing documents within the office.
  • Accounting & Fundraising: Many organizations run accounting (Quickbooks) or fundraising software (FundEZ, Raiser’s Edge) on a physical server in their office.  The application is often shared on the local network and staff members connect to it using client software that is installed on their workstations.
  • Other applications: Some organizations may be hosting other, specialized applications on servers in their office.

Target

Next, figure out “targets” for these services and applications. A “target” is another system that can perform this service or host the application or information for you. Targets could be any of the following: (warning — if you are not a technical type, this is going to get confusing for you)

  • Other servers running Windows 2008 or 2012
  • VMWare Virtual Hosts
  • Microsoft Hyper-V Virtual Hosts
  • Hosted Infrastructure such as AWS (Amazon), Microsoft Azure, or Google
  • Cloud Services such as Google Apps, Office 365, Google Drive, OneDrive, Dropbox, Salesforce, etc.
  • Purchase new server hardware and operating system (not generally recommended, but appropriate in some cases)
  • Some combination of these things

RoundTable Note: “Cloud-Vana”

This could be a great opportunity to think about going entirely “cloud-based” for your organization. This means NO servers, with all of your information being hosted by cloud-based services such Google Apps, Office 365, Salesforce, OneDrive, Google Drive, Dropbox, Box.org, and many, many more. We’re not going to elaborate too much on this in this post, but RoundTable is a strong advocate in cloud computing and believes most organizations could realize tremendous benefits by reaching “Cloud-Vana.”

Migrate

In this final phase, you migrate the services and applications you identified in the Discover and Assess phases to the Targets you selected.

Of course, if you would like help with any of this, please reach out to RoundTable via phone, email or webform. We are happy to help. And if you want to dig in a bit more on your own, we’ve linked to some additional resources below, after the survey.

Do you have Windows 2003 Servers at your organization?

 

If you have suggestions for future “Should I Care?” posts, please let us know.
Some examples below, please check all that interest you and also write in your own!